Author: kwall
Date: Mon Jun 22 11:24:09 2015
New Revision: 1686838
URL: http://svn.apache.org/r1686838
Log:
QPID-6598: Correct typo in widget prompt and update Broker docbook
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/editBroker.html
qpid/java/trunk/doc/book/src/java-broker/concepts/Java-Broker-Concepts-Ports.xml
qpid/java/trunk/doc/book/src/java-broker/management/managing/Java-Broker-Management-Managing-Broker.xml
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
Modified:
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/editBroker.html
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/editBroker.html?rev=1686838&r1=1686837&r2=1686838&view=diff
==============================================================================
---
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/editBroker.html
(original)
+++
qpid/java/trunk/broker-plugins/management-http/src/main/java/resources/editBroker.html
Mon Jun 22 11:24:09 2015
@@ -59,7 +59,7 @@
</div>
<div class="clear">
- <div class="formLabel-labelCell
tableContainer-labelCell">Config Encyrption:</div>
+ <div class="formLabel-labelCell
tableContainer-labelCell">Config Encryption:</div>
<div class="formLabel-controlCell
tableContainer-valueCell">
<input type="text"
id="editBroker.confidentialConfigurationEncryptionProvider"
data-dojo-type="dijit/form/FilteringSelect"
@@ -67,7 +67,8 @@
name:
'confidentialConfigurationEncryptionProvider',
required: true,
title: 'Select Configuration Encryption Type',
- placeHolder: 'Select encryption type'" />
+ placeHolder: 'Select encryption type',
+ promptMessage: 'If encryption is enabled,
configurations items such as passwords<br/>will be encrypted before being
written to the configuration store.'" />
</div>
</div>
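Review bot: The added promptMessage reads 'configurations items such as passwords', which should be 'configuration items'; since this commit exists to fix a typo in the same widget, correct it here. The string also embeds a literal <br/> inside the attribute value, so please confirm the tooltip renders it as a line break rather than as text, or drop it and let the tooltip wrap.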
Modified:
qpid/java/trunk/doc/book/src/java-broker/concepts/Java-Broker-Concepts-Ports.xml
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/concepts/Java-Broker-Concepts-Ports.xml?rev=1686838&r1=1686837&r2=1686838&view=diff
==============================================================================
---
qpid/java/trunk/doc/book/src/java-broker/concepts/Java-Broker-Concepts-Ports.xml
(original)
+++
qpid/java/trunk/doc/book/src/java-broker/concepts/Java-Broker-Concepts-Ports.xml
Mon Jun 22 11:24:09 2015
@@ -44,7 +44,7 @@
<para> Additionally, HTTP and JMX ports can be configured for use by the
associated management
plugins. </para>
<para>This diagram explains how Ports, <link
-
linkEnd="Java-Broker-Concepts-Authentication-Providers">Authentication
Providers</link>
+
linkend="Java-Broker-Concepts-Authentication-Providers">Authentication
Providers</link>
and an Access Control Provider work together to allow an application
to form a connection to
a Virtualhost.<figure>
<title>Control flow during Authentication</title>
Modified:
qpid/java/trunk/doc/book/src/java-broker/management/managing/Java-Broker-Management-Managing-Broker.xml
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/management/managing/Java-Broker-Management-Managing-Broker.xml?rev=1686838&r1=1686837&r2=1686838&view=diff
==============================================================================
---
qpid/java/trunk/doc/book/src/java-broker/management/managing/Java-Broker-Management-Managing-Broker.xml
(original)
+++
qpid/java/trunk/doc/book/src/java-broker/management/managing/Java-Broker-Management-Managing-Broker.xml
Mon Jun 22 11:24:09 2015
@@ -43,6 +43,11 @@
<para><emphasis>Heartbeating</emphasis>. Enables heartbeats between
Broker and Clients.
Heartbeats help discover severed TCP/IP connections in a timely
manner.</para>
</listitem>
+ <listitem>
+ <para><emphasis>Confidential configuration encryption
provider</emphasis>. The name of
+ the provider used to encrypt passwords and other secrets within the
configuration. See
+ <xref
linkend="Java-Broker-Security-Configuration-Encryption"/>.</para>
+ </listitem>
</itemizedlist>
</para>
</section>
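Review bot: The new list item calls the attribute 'Confidential configuration encryption provider', but the editBroker.html form changed in this same commit labels the field 'Config Encryption:', so a reader going from the docbook to the console has to guess that the two are the same setting. Suggest mentioning the console label in this item, or aligning the label with the attribute name.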
Modified:
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml?rev=1686838&r1=1686837&r2=1686838&view=diff
==============================================================================
---
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
(original)
+++
qpid/java/trunk/doc/book/src/java-broker/security/Java-Broker-Security-Configuration-Encryption.xml
Mon Jun 22 11:24:09 2015
@@ -31,34 +31,20 @@
uses a securely generated random key of 256bit<footnote><para>Java
Cryptography Extension (JCE)
Unlimited Strength required</para></footnote> to encrypt the secrets
stored within a key
file. Of course, the key itself must be guarded carefully, otherwise the
passwords encrypted
- with it may be compromised. For this reason, the Broker that the file's
permissions allow the
- file to be read exclusively by the user account used for running the
Broker.</para>
+ with it may be compromised. For this reason, the Broker ensures that the
file's permissions
+ allow the file to be read exclusively by the user account used for running
the Broker.</para>
<important>
<para>If the keyfile is lost or corrupted, the secrets will be
irrecoverable.</para>
</important>
<section id="Java-Broker-Security-Configuration-Encryption-Configuration">
<title>Configuration</title>
- <para>To use <literal>AESKeyFile</literal>, first stop the Broker, then
edit the Broker's
- configuration file ${QPID_WORK}/config.json. Insert a Broker attribute
called
- <literal>confidentialConfigurationEncryptionProvider</literal> with
value
- <literal>AESKeyFile</literal>. On restarting the Broker, it will
generate a keyfile in
- location <literal>${QPID_WORK}/.keys/</literal>. Any existing passwords
contained with the
- configuration will be automatically encrypted, as will any new or
changed ones in
- future.</para>
- <example>
- <title>Enanbling password encryption</title>
- <screen>
- {
- "id" : "3f183a59-abc3-40ad-8e14-0cac9de2cac4",
- "name" : "${broker.name}",
- "confidentialConfigurationEncryptionProvider" : "AESKeyFile",
- ....
- }
- </screen>
- </example>
+ <para>The <literal>AESKeyFile</literal> encyptor provider is
enabled/disabled via the <link
+ linkend="Java-Broker-Management-Managing-Broker">Broker
attributes</link> within the
+ Web Management Console. On enabling the provider, any existing
passwords within the
+ configuration will be automatically rewritten in the encrypted
form.</para>
<para>Note that passwords stored by the Authentication Providers <link
-
linkEnd="Java-Broker-Security-PlainPasswordFile-Provider">PlainPasswordFile</link>
and.
- <link
linkEnd="Java-Broker-Security-Base64MD5PasswordFile-Provider">PlainPasswordFile</link>
+
linkend="Java-Broker-Security-PlainPasswordFile-Provider">PlainPasswordFile</link>
and.
+ <link
linkend="Java-Broker-Security-Base64MD5PasswordFile-Provider">PlainPasswordFile</link>
with the external password files are <emphasis>not</emphasis> encrypted
by the key. Use the
Scram Authentication Managers instead; these make use of the
Configuration Encryption when
storing the users' passwords. </para>
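Review bot: The rewritten Configuration paragraph drops the statement that the keyfile is generated under ${QPID_WORK}/.keys/, while the <important> note directly above still warns that a lost or corrupted keyfile makes the secrets irrecoverable. Operators need that location to back the key up and to check its permissions, so keep the sentence in the new text. The removed paragraph also said that new or changed passwords are encrypted in future, whereas the replacement only covers existing ones. Smaller points on the added lines: 'encyptor' should be 'encryptor' (or 'encryption provider'), the link to Java-Broker-Security-Base64MD5PasswordFile-Provider is still labelled PlainPasswordFile, and 'and.' carries a stray full stop.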
@@ -69,6 +55,7 @@
the user, perhaps owing to the security standards of their institution,
the
<literal>ConfigurationSecretEncrypter</literal> interface is designed
as an extension point.
Users may implement their own implementation of
ConfigurationSecretEncrypter perhaps to employ
- stronger encryption or delegating the storage of the key to an
Enterprise Password Safe.</para>
+ stronger encryption or delegating the storage of the key to an
Enterprise Password
+ Safe.</para>
</section>
</section>